Hi all, I'm in the process of making some improvements to the NFSv4 dissector and running into some problems - hoping for some insight.
I've never spent any time with the pinfo "flags.visited" flag, or any of the logic that takes Wireshark through multiple passes processing the same packet. In what sort of circumstances would pinfo->fd->flags.visited actually be SET? In this case I'm expanding the NFSv2/v3 "File handle snooping" logic to support NFSv4 as well. At a certain point, nfs_name_snoop_fh() is called. I'm finding that when this is called while processing NFSv4 frames, the frame has already been "visited" and this flag is set. This causes a conditional to fail and none of the FH snooping code is run. However, this flag is FALSE when called by nfsv3. I'm not clear on what's different about the NFSv4 processing that could cause it to be "visiting" this frame before the FH processing is done (which is called as part of the main dissection code, and as far as I know is called directly from ONC-RPC dissection, at the exact same point as NFSv3). I'm also finding that everything works "normally" if I remove that check - both with NFSv3 and v4. But I'm assuming that removing this check causes something inefficient to happen - unnecessary second processing of FHs when dissecting with NFSv3, some extra memory usage, or something). But not clear what. If I understood more about how/when this flag would be changed, and what a dissector could that would lead to a "second processing pass" where this flag is set, I'd have a better chance of figuring out what I can do about the problem. Or if anyone knows the NFS/RPC dissectors well and want to weigh in, that'd be great too =) Thanks, Ian ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe